PRNGD/Solaris 2.6/ssh 371p2
From: Curt D McIntosh (cmcintos_at_csc.com)
Date: 10/22/03
- Previous message: Rick Cone, Secure Payment Systems: "ssh remote command exectuion using cron"
- Next in thread: Lutz Jaenicke: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Reply: Lutz Jaenicke: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Maybe reply: Mak, Andrew: "RE: PRNGD/Solaris 2.6/ssh 371p2"
- Reply: Asif Iqbal: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: secureshell@securityfocus.com Date: Tue, 21 Oct 2003 18:00:16 -0400
On a Solaris 2.6 NIS Master, this is what I do using sunfreeware
packages...
As root:
add /usr/local/bin, /usr/local/sbin and /usr/local/ssl/bin to my path.
add /usr/local/ssl/lib to LD_LIBRARY_PATH and source profile.
--> pkgadd -d openssh-3.7.1p2-sol26-sparc-local
--> pkgadd -d openssl-0.9.7b-sol26-sparc-local
--> pkgadd -d zlib-1.1.4-sol26-sparc-local
--> pkgadd -d gcc-3.2.3-sol26-sparc-local
--> pkgadd -d tcp_wrappers-7.6-sol26-sparc-local
--> pkgadd -d prngd-0.9.25-sol26-sparc-local
--> pkgadd -d egd-0.8-sol26-sparc-local
--> pkgadd -d perl-5.8.0-sol26-sparc-local
--> cat /var/adm/messages > /usr/local/etc/prngd/prngd-seed
--> mkdir /var/spool/prngd
--> /usr/local/sbin/prngd /var/spool/prngd/pool
--> /usr/local/bin/egc.pl /var/spool/prngd/pool get
I see this:
32800 bits of entropy in pool
--> mkdir /var/empty
--> chown root:sys /var/empty
--> chmod 600 /var/empty
--> groupadd sshd
--> useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
--> cd /var/yp
--> make
# ssh-keygen -t rsa1 -N ""
PRNG is not seeded
# ps -ef | grep prngd
root 4031 228 0 14:41:09 pts/0 0:00 grep prngd
root 3985 1 0 14:39:54 ? 0:00 /usr/local/sbin/prngd
/var/spool/prngd/pool
Question:
Why do I get PRNG is not seeded? I had ssh 3.6.1 working just fine on
this Solaris 2.6 host. I upgraded to 3.7.1p2 for security reasons and it no longer works. I then removed all
packages, ssh user/group/home dir, scripts, keys, etc., and reinstalled
everything from scratch. Still no PRNG seed. Any suggestions?
Thanks,
Curt McIntosh
CSC
10920 Technology Place
Mail Zone 604S2, 4th Floor
San Diego, CA 92127
858-592-5857
cmcintos@csc.com
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit
written agreement or government initiative expressly permitting the use of
e-mail for such purpose.
----------------------------------------------------------------------------------------
- Previous message: Rick Cone, Secure Payment Systems: "ssh remote command exectuion using cron"
- Next in thread: Lutz Jaenicke: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Reply: Lutz Jaenicke: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Maybe reply: Mak, Andrew: "RE: PRNGD/Solaris 2.6/ssh 371p2"
- Reply: Asif Iqbal: "Re: PRNGD/Solaris 2.6/ssh 371p2"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
